# Archive

Browse past daily curated stories

Sunday, March 01, 2026

  1. BleepingComputer general
    $4.8M in crypto stolen after Korean tax agency exposes wallet seed

    South Korea's National Tax Service accidentally exposed a cryptocurrency wallet's mnemonic recovery phrase in an official press release, allowing hackers to steal 6.4 billion won ($4.8 million) worth of cryptocurrency from the seized wallet. This demonstrates how government agencies handling crypto assets can become high-value targets when operational security fails.

  2. SecurityWeek general
    Canadian Tire Data Breach Impacts 38 Million Accounts

    Canadian Tire suffered a data breach affecting 38 million customer accounts, exposing names, addresses, email addresses, phone numbers, and encrypted passwords. The massive scale makes this one of the largest retail breaches in recent history, highlighting the extensive personal data collected by major retailers.

  3. Krebs on Security threat-intel
    Who is the Kimwolf Botmaster “Dort”?

    KrebsOnSecurity investigates the identity of "Dort," the operator of the Kimwolf botnet, described as the world's largest and most disruptive botnet. Following disclosure of vulnerabilities used to build the botnet in January 2026, Dort has launched DDoS attacks, doxxing campaigns, and even caused a SWAT team to be sent to a security researcher's home.

  4. The Hacker News general
    Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

    Truffle Security discovered nearly 3,000 Google Cloud API keys (prefixed with "AIza") embedded in client-side code that could be abused to authenticate to Gemini AI endpoints and access private data. The keys, originally meant as project identifiers for billing, gained unauthorized access to sensitive AI services when Gemini APIs were enabled.

  5. BleepingComputer general
    QuickLens Chrome extension steals crypto, shows ClickFix attack

    The Chrome extension "QuickLens - Search Screen with Google Lens" was removed from the Chrome Web Store after being compromised to push malware targeting cryptocurrency theft from thousands of users. The incident demonstrates a ClickFix attack vector where legitimate browser extensions are weaponized to deliver malicious payloads.

  6. The Hacker News general
    ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

    OpenClaw fixed a high-severity vulnerability dubbed "ClawJacked" that allowed malicious websites to connect to locally running AI agents via WebSocket and hijack control. The flaw affected the core OpenClaw gateway system without requiring any plugins or extensions, demonstrating risks in local AI agent architectures.

  7. SecurityWeek general
    900 Sangoma FreePBX Instances Infected With Web Shells

    Attackers infected 900 Sangoma FreePBX instances with web shells by exploiting a post-authentication command injection vulnerability in the endpoint manager's interface. The widespread compromise of these business phone system servers creates persistent backdoor access for attackers in corporate networks.

  8. The Hacker News general
    ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

    North Korean threat actor ScarCruft deployed new malware tools including a backdoor using Zoho WorkDrive for command-and-control communications and USB-based implants to breach air-gapped networks. The Ruby Jumper campaign demonstrates advanced techniques for crossing network segmentation boundaries through removable media.

  9. SecurityWeek general
    Juniper Networks PTX Routers Affected by Critical Vulnerability

    Juniper Networks released an out-of-band security update for Junos OS Evolved to patch CVE-2026-21902, a critical remote code execution vulnerability affecting PTX routers. The emergency nature of the patch suggests significant impact potential for enterprise and service provider networks using these high-end routing platforms.

  10. The Hacker News general
    Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

    Researchers discovered a malicious Go module at github[.]com/xinfeisoft/crypto that impersonates the legitimate golang.org/x/crypto codebase while injecting code to harvest terminal passwords, create SSH persistence, and deploy the Rekoobe Linux backdoor. The supply chain attack targets developers using the popular Go programming language's cryptographic libraries.